SecurityTracker.com
Category:  Application (Generic)  >  BackupExec
Vendors:  Symantec
Veritas Backup Exec Remote Agent Discloses Arbitrary Files to Remote Users
SecurityTracker Alert ID:  1014662
SecurityTracker URL:  http://securitytracker.com/id?1014662
CVE Reference:  CVE-2005-2611   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Aug 12 2005
Impact:  Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Advisory:  Symantec Advisory
Version(s): Backup Exec for Windows Servers 9.0, 9.1, and 10.0; Remote Agent for Windows Server; Remote Agent for Unix/Linux Server; for NetWare
Description:  A vulnerability was reported in Veritas Backup Exec. A remote user can download arbitrary files from the target system.

The software uses a hard-coded, default authentication password. A remote user can send a CONNECT_CLIENT_AUTH request with a certain encrypted password value to successfully authenticate to the target application and gain access to files on the target system.

The vendor has confirmed that the following versions are affected:

VERITAS Backup Exec for Windows Servers 9.0, 9.1, and 10.0
VERITAS Backup Exec Remote Agent for Windows Server
VERITAS Backup Exec Remote Agent for Unix/Linux Server
VERITAS Backup Exec for NetWare Servers 9.1
VERITAS Backup Exec Remote Agent for NetWare Server
VERITAS NetBackup for NetWare Media Server Option 4.5, 4.5 FP, 5.0, and 5.1

Some demonstration exploit code is available at:

http://www.milw0rm.com/id.php?id=1147

Several reports indicate that this vulnerability is being actively exploited.

Impact:  A remote user can gain access to the target application. With this access, the user can obtain files from the target system.
Solution:  Symantec/Veritas has issued fixes for NetBackup for Netware Media Server, Backup Exec for Netware Servers, and Backup Exec for Windows Servers.

NetBackup 4.5 Maintenance Pack 8B for Netware Media Servers:

http://support.veritas.com/docs/278456

NetBackup 4.5 Feature Pack 8B for Netware Media Servers:

http://support.veritas.com/docs/278457

NetBackup 5.0 Maintenance Pack 5B for Netware Media Servers:

http://support.veritas.com/docs/278458

NetBackup 5.1 Maintenance Pack 3B for Netware Media Servers:

http://support.veritas.com/docs/278459

Backup Exec 9.1.1158.3 for Netware Servers:

English Only Installation File: http://support.veritas.com/docs/278463
English/French/German Installation file: http://support.veritas.com/docs/278462

Users of Backup Exec 9.0 for NetWare Servers must upgrade to version 9.1 or higher.

Backup Exec 9.0 4367 for Windows Servers Hotfix 22:

http://support.veritas.com/docs/278469

Backup Exec 9.0 4454 for Windows Servers Hotfix 32:

http://support.veritas.com/docs/278468

Backup Exec 9.1 4691 for Windows Servers Hotfix 54:

http://support.veritas.com/docs/278467

Backup Exec 10.0 5520 for Windows Servers Hotfix 15:

http://support.veritas.com/docs/278465

Backup Exec 10.0 5520 Hotfix 16 - Remote Agent for Linux/UNIX Servers (RALUS) update:

http://support.veritas.com/docs/278471

Backup Exec 10.0 5484 for Windows Servers Hotfix 30:

http://support.veritas.com/docs/278466

Backup Exec 10.0 5484 Hotfix 31 - Remote Agent for Linux/UNIX Servers (RALUS) update:

http://support.veritas.com/docs/278470

Users of Backup Exec 8.6 for Windows Servers must upgrade to a newer version to obtain a fix.

The vendor indicates that, as a workaround, you can block external access to TCP port 10000.
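Because the only mitigation for unpatched hosts is to restrict who can reach TCP port 10000, a defender also wants to verify that the restriction holds and to spot the active exploitation the advisory mentions. The following Python script is an added example, not part of the SecurityTracker entry or any vendor tool: it walks constructed firewall-style log lines (the line format and all addresses are hypothetical) and reports connections to the Remote Agent port that did not come from the allowlisted backup media servers.

```python
import ipaddress
import re
from typing import Iterable

# Backup Exec Remote Agent port named in the advisory's workaround.
AGENT_PORT = 10000

# Hypothetical allowlist: the only hosts that should talk to the agent are
# the backup media servers themselves.
TRUSTED_MEDIA_SERVERS = {ipaddress.ip_address("10.0.5.10"),
                         ipaddress.ip_address("10.0.5.11")}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed log format (not a real vendor format):
#   "<timestamp> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port> SYN"
LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+)")

def classify(src: str) -> str:
    """Label a source address as trusted (media server), internal, or external."""
    ip = ipaddress.ip_address(src)
    if ip in TRUSTED_MEDIA_SERVERS:
        return "trusted"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "external"

def find_suspect_connections(lines: Iterable[str], strict: bool = False) -> list:
    """Return agent-port connections the perimeter rule should have stopped.

    strict=False mirrors the vendor workaround (block external access only);
    strict=True flags anything that is not a known media server.
    """
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or int(m.group(3)) != AGENT_PORT:
            continue                      # other services, or unparsable line
        src, dst = m.group(1), m.group(2)
        kind = classify(src)
        if kind == "external" or (strict and kind != "trusted"):
            hits.append({"src": src, "dst": dst, "class": kind})
    return hits

# Constructed sample log: one legitimate media-server connection, one internal
# workstation, one external source, one unrelated HTTPS flow, one garbage line.
SAMPLE_LOG = [
    "2005-08-12T01:55:47 SRC=10.0.5.10 DST=10.0.9.20 PROTO=TCP DPT=10000 SYN",
    "2005-08-12T01:56:02 SRC=192.168.3.44 DST=10.0.9.20 PROTO=TCP DPT=10000 SYN",
    "2005-08-12T01:57:13 SRC=203.0.113.7 DST=10.0.9.20 PROTO=TCP DPT=10000 SYN",
    "2005-08-12T01:57:20 SRC=203.0.113.7 DST=10.0.9.20 PROTO=TCP DPT=443 SYN",
    "2005-08-12T01:58:00 kernel: link up",
]

if __name__ == "__main__":
    for hit in find_suspect_connections(SAMPLE_LOG, strict=True):
        print(hit)
```

Feed the script real perimeter or host-firewall logs in place of SAMPLE_LOG; any hit in the non-strict mode means the vendor's workaround is not actually in force.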

The vendor's advisories are available at:

http://seer.support.veritas.com/docs/278430.htm
http://seer.support.veritas.com/docs/278431.htm
http://seer.support.veritas.com/docs/278434.htm

Vendor URL:  securityresponse.symantec.com/avcenter/security/Content/14551.html (Links to External Site)
Cause:  Authentication error, Configuration error, Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Fri, 12 Aug 2005 01:55:47 -0400
Subject:  http://securityresponse.symantec.com/avcenter/security/Content/14551.html

 
 
Veritas Backup Exec Remote Agent for Windows Servers Arbitrary File Download Vulnerability
 
Risk
High
 
Date Discovered
08-12-2005
 
Description
Veritas Backup Exec for Windows Servers is prone to a vulnerability regarding the 
unauthorized downloading of arbitrary files.
 
A remote attacker can exploit this vulnerability to download arbitrary files. A 
metasploit framework exploit is available and there are reports of this vulnerability 
currently being exploited in the wild.
 
Components Affected
Veritas Software Backup Exec 8.0
Veritas Software Backup Exec 8.5
Veritas Software Backup Exec 8.6
 
Recommendations
Block external access at the network boundary, unless service is required by external 
parties.
Block external access to the service (TCP port 10000) at the network perimeter. Permit 
access for trusted or internal computers and networks only.
 
Deploy network intrusion detection systems to monitor network traffic for malicious 
activity.
Deploy network intrusion detection systems to monitor network traffic for signs of 
anomalous or suspicious activity. This may aid in detection of attacks or malicious 
activity related to exploitation of latent vulnerabilities.
 
Currently we are not aware of any vendor-supplied patches for this issue. If you feel 
we are in error or are aware of more recent information, please mail us at: 
vuldb@securityfocus.com .
Veritas Software Backup Exec 8.0:
Veritas Software Backup Exec 8.5:
Veritas Software Backup Exec 8.6:
 
References
Source: Backup Product Homepage
URL: http://www.veritas.com/us/products/backup/index.html
 
Source: Veritas Homepage
URL: http://www.veritas.com/
 
Credits
The discoverer of this vulnerability wishes to remain anonymous.
 
Copyright (c) 2005 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not 
edited in any way unless authorized by Symantec Security Response. Reprinting the whole 
or part of this alert in any medium other than electronically requires permission from 
secure@symantec.com.
 
Disclaimer
The information in the advisory is believed to be accurate at the time of publishing 
based on currently available information. Use of the information constitutes acceptance 
for use in an AS IS condition. There are no warranties with regard to this information. 
Neither the author nor the publisher accepts any liability for any direct, indirect, or 
consequential loss or damage arising from use of, or reliance on, this information.
 
Symantec, Symantec products, Symantec Security Response, and SymSecurity are registered 
trademarks of Symantec Corp. and/or affiliated companies in the United States and other 
countries. All other registered and unregistered trademarks represented in this 
document are the sole property of their respective companies/owners. 
 


Copyright 2007, SecurityGlobal.net LLC